<?PHP
class admin_users
{
	function admin_users($id)
	{
		if($id)
		{
			$st="SELECT *, md5(password) AS pwd, DATE_FORMAT(last_login, '%M %d %Y [%r]') AS last_login FROM admin_users WHERE user_id='$id'";
			$rc = mysql_query($st) or die(mysql_error());
			$a_rw=mysql_fetch_array($rc);
			$this->user_id=$a_rw['user_id'];
			$this->date_created=$a_rw['date_created'];
			$this->last_modified=$a_rw['last_modified'];
			$this->username=$a_rw['username'];
			$this->password=$a_rw['pwd'];
			$this->email=$a_rw['email'];
			$this->deleted=$a_rw['deleted'];
			$this->last_login=$a_rw['last_login'];
		}
	}

	function get_admin_users_count()
	{
	   $row=mysql_query("select count(*) from admin_users where deleted='N'") or die(mysql_error());
	   $res=mysql_fetch_row($row);
	   return $res[0];
	}

	function list_admin_users($sortBy, $dir)
	{
	   $row=mysql_query("select * from admin_users where deleted='N' ORDER BY $sortBy $dir") or die(mysql_error());
	   return $row;
	}

	function update_login_date($last_login)
	{
		$query_data = "Update admin_users set last_login='$last_login' where user_id='$this->user_id'";
		mysql_query($query_data) or die(mysql_error());
	}

	function changeadmin_userstatus($flg_status)
	{
			$query_data	= "Update admin_users set status='$flg_status' where user_id='$this->id'";
			$result_update	= mysql_query ( $query_data ) or die(mysql_error());
	}

	function validateUser($username,$password)
	{
		$str="select count(*) from admin_users where username='$username' AND status='Y' AND deleted='N'";

		$rc = mysql_query($str) or die ("Sorry! could not execute query $str ".mysql_error());
		$count=mysql_fetch_row($rc);

		if($count[0]<1)
		{
			$mesg="<center>Invalid Username try again!</center>";
		}
		else
		{
			$str="select username,user_id,password as pwd from admin_users where username='$username' AND status='Y' AND deleted='N'";

			$rc = mysql_query($str) or die ("Sorry! could not execute query $str ".mysql_error());

					$a_row=mysql_fetch_array($rc);

					$username=$a_row['username'];
					$user_id=$a_row['user_id'];
					$checkPassword=$a_row['pwd'];
					$newpassword=md5($password);

				if($newpassword == $checkPassword)
				{
						session_register("gbl_user_id");
						session_register("gbl_username");
						session_register("gbl_login_date");

						$hour = date("H");
						$minute = date("i");
						$seconds = date("s");
						$day = date("d");
						$month = date("m");
						$year = date("Y");

						// This is the offset from the server time to your time.
						$hour = $hour + 11;
						$minute = $minute + 30;
						// mktime ( int hour, int minute, int second, int month, int day, int year [, int is_dst])

						$_SESSION['gbl_user_id'] = $user_id;
						$_SESSION['gbl_username'] = $username;
						//$_SESSION['gbl_login_date'] = gmstrftime ("%Y-%m-%d %H:%i:%s", mktime ());
						$_SESSION['gbl_login_date'] = date ("%Y-%m-%d %H:%i:%s", mktime ($hour,$minute,$seconds,$month,$day,$year));

						header("Location:my_admin.php");
				} else {
						$mesg="<center>Password is not matching! Try again!</center>";
				}
		}
		return $mesg;
	}

	function add_user()
	{
			$ip_allowed = $this->ip_allowed_1.".".$this->ip_allowed_2.".".$this->ip_allowed_3.".".$this->ip_allowed_4;

			$query_data	= "INSERT INTO admin_users (`user_id`,  `date_created`, `createdby_userid`, `username`, `password`, `first_name`, `last_name`,  `phone_home`,  `email` ,  `address_street`,  `address_city`,  `address_state`,  `address_postalcode`,  `address_country`, `description`, `user_type`, `ip_allowed`)
			VALUES('', now() , '".$this->createdby_userid."' , '".addslashes($this->username)."' , '".md5($this->password)."' , '".addslashes($this->first_name)."' , '".addslashes($this->last_name)."' , '".$this->phone_home."' , '".addslashes($this->email)."' , '".addslashes($this->address_street)."' , '".addslashes($this->address_city)."' , '".addslashes($this->address_state)."' , '".addslashes($this->address_postalcode)."' , '".addslashes($this->address_country)."' , '".addslashes($this->description)."' , '$this->user_type' , '$ip_allowed')";
			$result_update	= mysql_query ( $query_data ) or die(mysql_error());
	}

	function mod_user()
	{
			$ip_allowed = $this->ip_allowed_1.".".$this->ip_allowed_2.".".$this->ip_allowed_3.".".$this->ip_allowed_4;

			$query_data	= "UPDATE admin_users
							SET modifiedby_userid = ".$this->modifiedby_userid.",
							last_modified = now(),
							first_name = '".addslashes($this->first_name)."',
							last_name = '".addslashes($this->last_name)."',
							phone_home = '".$this->phone_home."',
							email = '".addslashes($this->email)."',
							address_street = '".addslashes($this->address_street)."',
							address_city = '".addslashes($this->address_city)."',
							address_state = '".addslashes($this->address_state)."',
							address_postalcode = '".addslashes($this->address_postalcode)."',
							address_country = '".addslashes($this->address_country)."',
							description = '".addslashes($this->description)."',
							login_failure_count = '".$this->login_failure_count."',
							ip_allowed = '".$ip_allowed."',
							status = '".$this->status."' WHERE user_id = $this->user_id";
			$result_update	= mysql_query ( $query_data ) or die(mysql_error());
	}

	function mod_user_pwd($old_password, $new_password)
	{
		$str="select password as pwd from admin_users where user_id=".$_SESSION['gbl_user_id'];
		$rc = mysql_query($str) or die ("Sorry! could not execute query $str ".mysql_error());

					$a_row=mysql_fetch_array($rc);

					$checkPassword=$a_row['pwd'];
					$old_password=md5($old_password);

				if($old_password == $checkPassword)
				{
					$query_data	= "UPDATE admin_users
									SET last_modified = now(),
									password = '".md5($new_password)."' WHERE user_id=".$_SESSION['gbl_user_id'];
					$result_update	= mysql_query ( $query_data ) or die(mysql_error());
					$mesg = "<center>User password has been changed successfully</center>";
				} else {
					$mesg = "<center>Invalid Old Password try again!</center>";
				}
		return $mesg;
	}

	function delete_user()
	{
		$query_check = "select * from admin_users where user_id=$this->user_id";
		$result_check = mysql_query ( $query_check ) or die(mysql_error());

		if(@mysql_num_rows($result_check) > 0){
			$res = mysql_fetch_array($result_check);
			if($res['user_type'] != 'A'){
			$query_data	= "Update admin_users set deleted='Y' where user_id=$this->user_id";
			$result_update	= mysql_query ( $query_data ) or die(mysql_error());
			$mesg="User deleted successfully";
			} else {
			$mesg="Admin user can't be deleted.";
			}
		} else {
			$mesg = "No record found.";
		}
		return $mesg;
	}
}
?>